Crash in v8::internal::Invoke

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4804004403478528
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: UNKNOWN WRITE
Crash Address: 0xfffffffe00000000
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::internal::Execution::TryCall
Recommended Security Severity: High
Regressed: V8: r36366:36367
Minimized Testcase (4.60 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94f6JKCVCV219JJ6YuDaCbp1UnJPo1rmncZnm9kdRArhz3Ia81ZUnDOKzhA3by_LU4zxvTiPNEzZ_fRnoi93PdU0ceQK8puysfr4H8QwqSEo9ylVEgSc_bjbVIPZSAxYsVIBg1UqXafnahfa0HaZdsrfPdVGw
Filer: mstarzinger

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 21 2016
Seems similar to Issue 613488, except UNKNOWN WRITE rather than UNKNOWN READ.
May 23 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=4549285630967808
May 23 2016
It might already be fixed together with Issue 613488. Tried re-running the minimized test case, got the following stacktraces:

+----------------------------------------Release Build Stacktrace----------------------------------------+
/mnt/scratch0/clusterfuzz/slave-bot/builds/v8-asan_linux-debug_1f17dda3b0e56007440db98eafbaad9618b3d0fa/revisions/d8-asan-linux-debug-v8-component-36453/d8 --expose-gc --allow-natives-syntax --debug-code --es-staging --enable-slow-asserts --verify-heap --harmony-templates --invoke-weak-callbacks --omit-quit /mnt/scratch0/clusterfuzz/slave-bot/inputs/fuzzer-testcases/fuzz-01027.js

[Crash Revision] r36453

[Environment] ASAN_OPTIONS = redzone=128:coverage_dir=/mnt/scratch0/tmp:strict_memcmp=0:detect_container_overflow=1:coverage=1:allocator_may_return_null=1:fast_unwind_on_fatal=1:symbolize=0:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:check_malloc_usable_size=0:detect_odr_violation=0:use_sigaltstack=1:handle_segv=1
[Environment] LSAN_OPTIONS = suppressions=/mnt/scratch0/clusterfuzz/scripts/suppressions/lsan_suppressions.txt

Warning: unknown flag --harmony-templates. Try --help for options
/mnt/scratch0/clusterfuzz/slave-bot/inputs/fuzzer-testcases/fuzz-01027.js:56: SyntaxError: Unexpected token function
let AsyncFunction = (async function() {}).constructor;
                           ^^^^^^^^
SyntaxError: Unexpected token function

Is there any other test case that can be used to reproduce?
May 24 2016
I was getting the same. I'm a bit worried that `async function()` causes a different error due to JavaScript experiments/flags, and that the fundamental problem is still there.
May 24 2016
Does not reproduce anymore, closing.
Jul 28 2016
ClusterFuzz has detected this issue as fixed in range 36396:36398.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4804004403478528
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: UNKNOWN WRITE
Crash Address: 0xfffffffe00000000
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::internal::Execution::TryCall
Recommended Security Severity: High
Fixed: V8: r36396:36398
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95V_adoJtjmhjyb6dDJZQXHOR4MlzdPYcbP3r7WLEpV38g75KM4GaSMF7uiaGYGFiQoaG5DAVHD0XEY-8oV5gLOf2lkcA9xJ1aRH7UHWIWWzhCiKFuBq_UwpSRzoaEQMxpBXct1U5FFSNEwVhsu0s-fUFn8AX_PuZ6fyVUDBsY38M6AFpw?testcase_id=4804004403478528

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 28 2016
ClusterFuzz has detected this issue as fixed in range 36396:36398.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4804004403478528
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: UNKNOWN WRITE
Crash Address: 0xfffffffe00000000
Crash State:
  v8::internal::Invoke
  v8::internal::Execution::Call
  v8::internal::Execution::TryCall
Recommended Security Severity: High
Fixed: V8: r36396:36398
Minimized Testcase (18.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96E8cTY6Q319Bu6kQaD5dFfA7ThL_a495-rBxepWinn0hUPZ81fDH1wovWsAYnZbC9JbaECKspQ7R0IaM9f2W9ofhIgu9zkra2Nb2DFBE5gPqZtpEpkWm1OCBpneNGfIeCr6b47gnvYvEm8C5nxlZem8iXc7mz_IMDp3SMmDzIUKVEv3o0?testcase_id=4804004403478528

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 31 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, May 20 2016